A hybrid intrusion detection system for 802.11 networks with effective feature selection

Abstract EN

The IEEE 802.11i protocol is the current security standard for WLANs.

While it has strong security mechanisms such as advanced encryption standard for encrypting and the four-way handshake protocol for authentication, it is still vulnerable to a number of serious attacks such as deauthentication and disassociation flooding.

various intrusion detection techniques are proposed by the research community to detect known and zero-day WLAN attacks.

Nevertheless, further efforts are needed to improve the detection performance using a benchmark 802.11 dataset that contains both normal traffic and intrusive traffic of all known attacks.

In this paper, we introduce a hybrid real-time network based WLAN intrusion detection system that employs signature and anomaly detection methods.

using signature detection can increase the true positive rate while anomaly detection can detect zero-day attacks.

In addition to the signature rules, we considered both C4.5 classifier and averaged one-dependence estimator (AODE) for anomaly detection.

the developed system is evaluated in terms of precision and recall, providing three contributions.

firstly a novel technique is developed for effective feature selection based on filtering model and knowledge of WLAN attack footprints.

Secondly, it improves classification accuracy, compared with recently published results, and dramatically reduces the classification speed by minimizing the training time and the classification attributes.

thirdly, it offers a high performance real time hybrid WLAN intrusion detection system.

a prototype is implemented and tested on 1.7 GHz i5 PC with 12 GB RAM.

The experimental results show that the implemented system has a fast learning time of 45 seconds and a high classification performance of 99.6% precision, 98.11% recall, and an overall accuracy of 99.82%.